NetBSD/src 620ZM0Ktools/gcc gcc-version.mk

   bump the netbsd gcc 14 version due to addition of gfortran support.
VersionDeltaFile
1.30+2-2tools/gcc/gcc-version.mk
+2-21 files

NetBSD/src B8KavqJdoc CHANGES

   note gfortran appears.
VersionDeltaFile
1.3220+2-1doc/CHANGES
+2-11 files

NetBSD/src Ldca3Qzbin/sh sh.1

   remove extraneous ref to ``previous job''
VersionDeltaFile
1.274+3-3bin/sh/sh.1
+3-31 files

NetBSD/pkgsrc gnyz7Oishells/nushell distinfo, shells/nushell/patches patch-.._vendor_mio-0.8.11_src_sys_unix_selector_kqueue.rs

   nushell: patch second copy of mio as well
VersionDeltaFile
1.1+18-0shells/nushell/patches/patch-.._vendor_mio-0.8.11_src_sys_unix_selector_kqueue.rs
1.68+2-1shells/nushell/distinfo
+20-12 files

NetBSD/src jWZDULDlib/libc/rpc svc.c

   ensure lock is released when fdset fails

   reviewed by christos@
VersionDeltaFile
1.42+27-27lib/libc/rpc/svc.c
+27-271 files

NetBSD/src tcLlOvHusr.bin/sort sort.c

   usr.bin/sort: Sync the usage message with the manual page.
VersionDeltaFile
1.65+11-6usr.bin/sort/sort.c
+11-61 files

NetBSD/pkgsrc-wip 5e83d54webkit-gtk PLIST Makefile, webkit-gtk4 PLIST Makefile

webkit-gtk, webkit-gtk4: remove some old webkit-gtk versions

No sense in working on these any longer.
DeltaFile
+0-288webkit-gtk/PLIST
+0-278webkit-gtk4/PLIST
+0-177webkit-gtk/Makefile
+0-168webkit-gtk4/Makefile
+0-121webkit-gtk4/patches/patch-Source_JavaScriptCore_runtime_MachineContext.h
+0-97webkit-gtk4/options.mk
+0-1,129119 files not shown
+0-3,902125 files

NetBSD/pkgsrc-wip a4c16c7webkit-gtk PLIST Makefile, webkit-gtk-2.50 PLIST Makefile

webkit-gtk-2.50: move to webkit-gtk
DeltaFile
+0-4,174webkit-gtk-2.50/PLIST
+4,174-0webkit-gtk/PLIST
+0-210webkit-gtk-2.50/Makefile
+210-0webkit-gtk/Makefile
+0-101webkit-gtk-2.50/patches/patch-Source_bmalloc_bmalloc_AvailableMemory.cpp
+101-0webkit-gtk/patches/patch-Source_bmalloc_bmalloc_AvailableMemory.cpp
+4,485-4,48575 files not shown
+5,285-5,28581 files

NetBSD/pkgsrc LseGcsOwww/curl Makefile.common options.mk

   curl & libcurl-gnutls: fix BUILDLINK_API_DEPENDS.openssl

   The assignment shouldn't be placed in Makefile.common for more than one
   reason (openssl is a build option, it should be propagated to packages
   that link against libcurl, and, though harmless, makes no sense being
   applied to libcurl-gnutls).

   Related to PR pkg/59899. Also likely related to:
   https://mail-index.netbsd.org/tech-pkg/2026/01/16/msg031893.html
VersionDeltaFile
1.34+1-3www/curl/Makefile.common
1.27+2-1www/curl/options.mk
1.70+2-1www/curl/buildlink3.mk
+5-53 files

NetBSD/pkgsrc GSUn8h6doc pkg-vulnerabilities

   pkg-vulnerabilities: add last 12 hours CVEs

   + assimp (not fixed)
VersionDeltaFile
1.717+2-1doc/pkg-vulnerabilities
+2-11 files

NetBSD/pkgsrc-wip 6478ddcmapnik TODO

mapnik: Add reference to CVE-2025-15537
DeltaFile
+2-0mapnik/TODO
+2-01 files

NetBSD/pkgsrc-wip 5ed18bfpy-pywhat PLIST

py-pywhat: adjust LICENSE path

This likely changed between py-poetry-core versions.
DeltaFile
+1-1py-pywhat/PLIST
+1-11 files

NetBSD/pkgsrc 26QKjoYdoc CHANGES-2026

   doc: Updated www/chromium to 144.0.7559.59
VersionDeltaFile
1.513+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc N8dJyDywww/chromium/files chromium.sh.in

   www/chromium: remove workaround flag from wrapper script
VersionDeltaFile
1.4+0-3www/chromium/files/chromium.sh.in
+0-31 files

NetBSD/pkgsrc T1nlh0Fwww/chromium distinfo, www/chromium/patches patch-chrome_browser_about__flags.cc patch-third__party_perfetto_include_perfetto_base_build__config.h

   www/chromium: update to 144.0.7559.59

   * 144.0.7559.59

   This update includes 10 security fixes. Below, we highlight fixes that
   were contributed by external researchers. Please see the Chrome Security
   Page for more information.
   [$8000][458914193] High CVE-2026-0899: Out of bounds memory access in V8.
   Reported by @p1nky4745 on 2025-11-08
   [TBD][465730465] High CVE-2026-0900: Inappropriate implementation in V8.
   Reported by Google on 2025-12-03
   [TBD][40057499] High CVE-2026-0901: Inappropriate implementation in Blink.
   Reported by Irvan Kurniawan (sourc7) on 2021-10-04
   [$4000][469143679] Medium CVE-2026-0902: Inappropriate implementation in V8.
   Reported by 303f06e3 on 2025-12-16
   [$3000][444803530] Medium CVE-2026-0903: Insufficient validation of untrusted
   input in Downloads. Reported by Azur on 2025-09-13
   [$1000][452209495] Medium CVE-2026-0904: Incorrect security UI in Digital

    [11 lines not shown]
VersionDeltaFile
1.25+1,527-1,524www/chromium/distinfo
1.14+114-78www/chromium/patches/patch-chrome_browser_about__flags.cc
1.14+52-65www/chromium/patches/patch-third__party_perfetto_include_perfetto_base_build__config.h
1.14+59-5www/chromium/patches/patch-chrome_browser_ui_ui__features.cc
1.14+32-23www/chromium/patches/patch-chrome_browser_policy_configuration__policy__handler__list__factory.cc
1.14+22-22www/chromium/patches/patch-chrome_browser_chrome__content__browser__client.cc
+1,806-1,7171,533 files not shown
+5,201-4,4711,539 files

NetBSD/pkgsrc SsqXPwldoc CHANGES-2026

   doc: Updated lang/php85 to 8.5.2
VersionDeltaFile
1.512+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc iuWV4JKlang/php phpversion.mk, lang/php85 distinfo

   lang/php85: update to 8.5.2

   8.5.2 (2026-01-15)

   15 Jan 2026, PHP 8.5.2

   - Core:
     . Fix OSS-Fuzz #465488618 (Wrong assumptions when dumping function signature
       with dynamic class const lookup default argument). (ilutov)
     . Fixed bug GH-20695 (Assertion failure in normalize_value() when parsing
       malformed INI input via parse_ini_string()). (ndossche)
     . Fixed bug GH-20714 (Uncatchable exception thrown in generator). (ilutov)
     . Fixed bug GH-20352 (UAF in php_output_handler_free via re-entrant
       ob_start() during error deactivation). (ndossche)
     . Fixed bug GH-20745 ("Casting out of range floats to int" applies to
       strings). (Bob)

   - DOM:
     . Fixed bug GH-20722 (Null pointer dereference in DOM namespace node cloning

    [51 lines not shown]
VersionDeltaFile
1.2+4-4lang/php85/distinfo
1.490+2-2lang/php/phpversion.mk
+6-62 files

NetBSD/pkgsrc j3T6VH9doc CHANGES-2026

   doc: Updated lang/php83 to 8.3.30
VersionDeltaFile
1.511+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc gfYgppPlang/php phpversion.mk, lang/php83 distinfo Makefile

   lang/php83: update to 8.3.30

   8.3.30 (2026-01-15)

   - Core:
     . Fix OSS-Fuzz #465488618 (Wrong assumptions when dumping function signature
       with dynamic class const lookup default argument). (ilutov)
     . Fixed bug GH-20695 (Assertion failure in normalize_value() when parsing
       malformed INI input via parse_ini_string()). (ndossche)
     . Fixed bug GH-20714 (Uncatchable exception thrown in generator). (ilutov)
     . Fixed bug GH-20352 (UAF in php_output_handler_free via re-entrant
       ob_start() during error deactivation). (ndossche)

   - Bz2:
     . Fixed bug GH-20620 (bzcompress overflow on large source size).
       (David Carlier)

   - DOM:
     . Fixed bug GH-20722 (Null pointer dereference in DOM namespace node cloning

    [39 lines not shown]
VersionDeltaFile
1.33+4-4lang/php83/distinfo
1.489+2-2lang/php/phpversion.mk
1.21+1-2lang/php83/Makefile
+7-83 files

NetBSD/pkgsrc B8BKzr4doc CHANGES-2026

   doc: Updated lang/php84 to 8.4.17
VersionDeltaFile
1.510+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc MCri1JFlang/php phpversion.mk, lang/php84 distinfo Makefile

   lang/php84: update to 8.4.17

   8.4.17 (2025-01-15)

   - Core:
     . Fix OSS-Fuzz #465488618 (Wrong assumptions when dumping function signature
       with dynamic class const lookup default argument). (ilutov)
     . Fixed bug GH-20695 (Assertion failure in normalize_value() when parsing
       malformed INI input via parse_ini_string()). (ndossche)
     . Fixed bug GH-20714 (Uncatchable exception thrown in generator). (ilutov)
     . Fixed bug GH-20352 (UAF in php_output_handler_free via re-entrant
       ob_start() during error deactivation). (ndossche)

   - Bz2:
     . Fixed bug GH-20620 (bzcompress overflow on large source size).
       (David Carlier)

   - DOM:
     . Fixed bug GH-20722 (Null pointer dereference in DOM namespace node cloning

    [47 lines not shown]
VersionDeltaFile
1.17+4-4lang/php84/distinfo
1.488+2-2lang/php/phpversion.mk
1.11+1-2lang/php84/Makefile
+7-83 files

NetBSD/pkgsrc-wip d006975chromium distinfo, chromium/patches patch-chrome_browser_about__flags.cc patch-third__party_perfetto_include_perfetto_base_build__config.h

chromium: update to 144.0.7559.59
DeltaFile
+1,526-1,514chromium/distinfo
+114-78chromium/patches/patch-chrome_browser_about__flags.cc
+53-66chromium/patches/patch-third__party_perfetto_include_perfetto_base_build__config.h
+59-5chromium/patches/patch-chrome_browser_ui_ui__features.cc
+32-23chromium/patches/patch-chrome_browser_policy_configuration__policy__handler__list__factory.cc
+22-22chromium/patches/patch-chrome_browser_chrome__content__browser__client.cc
+1,806-1,7081,527 files not shown
+5,193-4,6951,533 files

NetBSD/pkgsrc Ur0pgCTdoc CHANGES-2026

   doc: Updated lang/ruby32 and related pacakges to 3.2.10

        lang/ruby32-base
        devel/ruby-readline
        lang/ruby32
VersionDeltaFile
1.509+4-1doc/CHANGES-2026
+4-11 files

NetBSD/pkgsrc VRquG74lang/ruby rubyversion.mk, lang/ruby32-base distinfo hacks.mk

   lang/ruby32-base: update to 3.2.10

   3.2.10 (2026-01-14)

   This release includes the following security fixes:

   * CVE-2025-61594: URI Credential Leakage Bypass previous fixes | Ruby
   * CVE-2025-58767: DoS vulnerability in REXML | Ruby

   and the following fixes for some issues:

   * Build issue of using Ruby 4.0 with BASERUBY at Windows platform
   * Issue with OpenSSL 3.6.0

   What's Changed

   * Backport post_push.yml workflow to ruby_3_2 by k0kubun · Pull Request
     #14771
   * Backport fetch_changesets to ruby_3_2 by k0kubun · Pull Request #14774

    [2 lines not shown]
VersionDeltaFile
1.309+4-4lang/ruby/rubyversion.mk
1.18+4-4lang/ruby32-base/distinfo
1.4+2-2lang/ruby32-base/hacks.mk
+10-103 files

NetBSD/src YxnppFClib/libc/resolv res_debug.c

   fix wrong sizeof char buf used in resolve debug

   no harm caused, as p_time not internally used yet.

   seen by christos@ and riastradh@
VersionDeltaFile
1.19+5-6lib/libc/resolv/res_debug.c
+5-61 files

NetBSD/pkgsrc sg558HJdevel/ruby-shoulda-matchers distinfo

   devel/ruby-shoulda-matchers: update distinfo

   Forgot to update distinfo in previous commit.
VersionDeltaFile
1.21+4-4devel/ruby-shoulda-matchers/distinfo
+4-41 files

NetBSD/pkgsrc kzM2ZhRdoc CHANGES-2026

   Updated security/p11-kit, audio/py-last
VersionDeltaFile
1.508+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc oeICto6audio/py-last distinfo Makefile

   py-last: updated to 7.0.2

   7.0.2

   Fixed

   Fix user playcount for artists
   Create httpx.Client with context manager to fix unclosed socket resource warning
   Fix setting network for country.get_top_artists
   Simplify xml.dom imports
VersionDeltaFile
1.14+4-4audio/py-last/distinfo
1.21+2-2audio/py-last/Makefile
+6-62 files

NetBSD/pkgsrc y2ao7grsecurity/p11-kit distinfo Makefile

   p11-kit: updated to 0.26.1

   0.26.1 (stable)
   * trust: Ensure compatibility of CKA_NSS_TRUST and CKA_TRUST
VersionDeltaFile
1.34+4-4security/p11-kit/distinfo
1.43+2-2security/p11-kit/Makefile
1.14+2-2security/p11-kit/PLIST
+8-83 files

NetBSD/pkgsrc JRzNHApdoc CHANGES-2026

   correction as: to -> version, sorry
VersionDeltaFile
1.507+2-2doc/CHANGES-2026
+2-21 files